Header background

Infomaniak's
Bug Bounty program

Contribute to improving our ethical solutions to ensure the highest level of security for our customers by joining our community of researchers.

Join the program

Committed to cybersecurity and digital confidence

There's no such thing as absolute security. That's why it's our priority and is at the heart of everything we do, everything we create.

  • Our solutions focus on the essential needs of our users to limit human security errors.

  • Our technologies are developed in Switzerland by our own teams and / or are based on world-renowned open source projects.

  • Whistle-blowers are protected, and our employees can report any irregularity anonymously at any time.

  • The data entrusted to us is hosted and processed in our data centers in Switzerland, in accordance with our committed confidentiality policy, LPD and GDPR.

To complement this approach, we work with the collective intelligence of the community of researchers and ethical hackers to ensure the highest possible level of security for our customers.

Data center image
Padlock svg

Your goal: to challenge the security of our solutions

Anyone interacting with our products and services is encouraged to report the vulnerabilities identified to our security team. Substantial bonuses can be awarded for proven reporting, and it's also a great way to get in touch with our technical teams to join Infomaniak and contribute to the development of an ethical cloud that respects privacy and the environment.

Openspace image
SVG code

How does it work?

Our customers' security and trust are our top priorities. With our Bug Bounty program, we reward ethical hackers and researchers who contribute to strengthening the cybersecurity of our ethical cloud solutions.

Target icon
Contact icon
Tracking icon

1

2

3

Report the vulnerability discovered

Describe the vulnerability identified as precisely as possible.

Contact our security team

An expert will analyse your report and contact you for further information.

Receive a follow-up and your reward

You'll be able to follow the case and you'll be paid according to the service you provide.

Quote icon
Johann Laqua - CISO

Our customers' trust is our priority. We encourage collaboration between our security team and the community to strengthen our cyber defence. Our Bug Bounty program is part of our commitment to security, data protection and transparency.

YesWeHack icon

Join the Bug Bounty program

Join the YesWeHack platform to report vulnerabilities to us and receive payment for your contribution.

Join the Bug Bounty program

We prefer the YesWeHack platform, which acts as a trusted third party. If necessary, you can submit your report to us at the following address security@infomaniak.com

Do you have any questions or doubts?

We’ve compiled the questions we’re often asked – see below.

  • YesWeHack's online bug bounty service enables us to process your reports more quickly, with triage managed by the service team, and we enjoy smoother communications for collaboration with security vulnerabilities researchers.

    Rewards are then managed automatically according to the validity of the report and the level of severity of what has been found.

    You will benefit from a high-performance tool for working with Infomaniak's internal teams.

  • We ask you to send us as many details as possible about the flaw you have identified, so that we can accurately assess the severity and impact of your discovery.

    The YesWeHack team will then reproduce (PoC) the weakness identified for a second evaluation of your report.

    Our teams will carry out a final assessment based on CVSS criteria, the impact on our core business and other internal criteria.

  • Please observe the following rules when performing searches:

    • Denial-of-service (DoS) attacks against our applications, servers, networks or infrastructure are strictly prohibited.
    • Avoid tests that could damage or interrupt our services.
    • Do not use automated scanners or tools that generate large volumes of network traffic.
    • Do not disclose, manipulate or destroy user data or files in any of our applications/servers.
    • Do not copy files from our applications/servers and do not disclose them.
    • No disclosure of vulnerabilities, complete, partial or otherwise, is permitted.

  • In our YesWeHack programme, a scale of rewards is indicated according to the evaluation of the severity and its impact. Once your report has been validated, a reward will be awarded and paid automatically via the YesWeHack system.